Computer Vulnerabilities - What They Are And How To Deal With Them
Can I protect my information if the system itself is vulnerable?
Probably everybody who more or less knows how to use a computer and the internet has heard about viruses, Trojans, worms and malware. But not many users know what system vulnerabilities are and how hackers can use them. That is why systems are still in danger, data is stolen, and software is damaged.
Why do vulnerabilities occur?
Writing programs and developing systems is a very complicated process, so human mistakes are common, and those mistakes create vulnerabilities, or imperfections, in the system. Hackers can find these vulnerabilities when they read the program code. When they see a vulnerability, they will of course do their best to exploit it. Moreover, the developers of the program may not even suspect that such a vulnerability exists; otherwise they would eliminate it and close that door into your system.
The most widespread vulnerabilities are:
a. Programming bug
A programming bug is an error or defect in a program that makes an attack possible. Such bugs can be exploited to get access to web servers or networks. However, we should make a clear distinction between a bug and a system vulnerability. A bug is just a hole in a program or a system; it is not dangerous by itself. A vulnerability is also a bug, but one that is exposed to users, including hackers, who can exploit it. That is why a bug, as such, can wait to be fixed, while a vulnerability should be patched as soon as possible.
b. Vulnerability exploit
This is a name shared by a vulnerability and its exploit. Most often, a specific vulnerability is exploited by a specific script, and both carry the same name. These are easily detected by vulnerability scanners.
c. Programming constructs
As already mentioned, because programming is complex, errors happen more often than we might believe. They can create vulnerabilities and be exploited. The biggest danger here is that the software or system developers are not aware of the vulnerabilities their products have, and hackers, of course, are in no hurry to share information about new vulnerabilities they have found.
d. Intended features
These are legitimate features that malware and viruses can use to get access to the system.
All kinds of vulnerabilities should be considered if you want to provide the highest level of security for your system. You should know the vulnerabilities well, and also the ways to stop malware from getting in through them.
Of course, it is possible to set the highest level of security and completely block all access to the system. But this will also block the good applications you may want to download. That is why, if you want to protect yourself and your system, you should get good antivirus and antimalware software.
There are vulnerabilities we may be well aware of if we follow IT news or take an interest in the products we use. These vulnerabilities are not so dangerous: as mentioned, we know about them and can take measures to protect our system from them.
Unknown vulnerabilities, those not reported to the public, are another matter. They are also called zero-day vulnerabilities.
Why zero-day? Because they have not been discovered earlier, and the developer of the software does not know about them yet, so he cannot create a patch to fix them. They are like an open door for viruses and exploits of every kind, and a real treasure for hackers. Basically, such vulnerabilities can be used before the developer or vendor becomes aware of them and releases a patch to fix the vulnerability. That is why they are called zero-day: they are to be used as soon as possible. Normally, software providers and vendors release patches, or fixes, on a schedule. Microsoft, for example, releases fixes every second Tuesday of the month. But if a vulnerability is really critical and poses a big danger, a patch can be released urgently, outside the schedule.
All this sounds rather pessimistic, but there are ways to protect your system from vulnerabilities, so it is worth knowing them and using them.
How to deal with vulnerabilities
For a website, to eliminate opportunities for an exploit, you should:
- Restrict access to your website to a very limited number of people. The fewer people have access to it, the more secure it is.
- Use solutions that can detect malicious behaviour and prevent intrusion.
- Monitor the network and logs constantly, or as often as possible, in order to identify weaknesses and prevent an intrusion.
For a laptop, a computer or any other device:
- Use an antivirus solution
- Use a firewall
- Apply a spam filter
- If possible, apply an antimalware solution
For web browsers:
- Use a firewall and antivirus software
- Keep them updated
As it turns out, hackers mostly do not have a specific target. They simply search Google for websites that are running known vulnerable code and attack them with exploits. There are some preferences, though, based on security rather than on the kind of business. For example, franchises are easy to exploit: once a vulnerability is found in one, other franchises of a similar kind can be exploited too.
Websites of small and medium-sized businesses are also exploited more often than those of big companies. Why? For the same reason: they are mostly less protected, though the damage that unauthorized access causes to such a business may be incomparably higher.
Still, any website may be a target. Take for example the websites of big USA companies such as Adobe and Google: they were targets of attacks too. But even very basic websites can be attacked, as they may serve to spread malware to other websites, say, the websites of their clients.
In most cases, attackers are trying to get access to private, confidential and secret information, and to collect data for different purposes, mostly to make a profit or to continue spreading malware or a virus. That is why, even if you are running a very basic website and do not hold any secret information, you can still be targeted. The reasons for attacks vary, and your system can be attacked even without any particular reason: just to check how vulnerable it is, just for fun, or to try out the malware. There are many reasons, and not all of them seem to make sense.
How do exploits get into your system?
There are several ways for an exploit to infiltrate your system. The most popular are the following:
1. Through web browsers, such as Internet Explorer, Chrome, Firefox and others
2. Through the browser plug-ins
3. Through the system itself
4. Adobe products
5. Other applications that are usually well-known for this ability
The most damaging scenario is when a hacker installs code in your OS. In that case it is very difficult to detect the code, and even more difficult to remove it and undo the consequences of its activity. The probability of a successful attack increases significantly if you use a vulnerable browser or other vulnerable software.
Then there are PDF documents. They are used so often that we do not think much before opening one. This is a real danger, because exploits are sent by email in PDF files, too. If we open such a PDF file in a vulnerable reader, the exploit code triggers the payload, for example the installation of a backdoor. The consequences then depend on the hacker who initiated the attack. Different kinds of threats may enter your system through the backdoor, and you will not always be aware of what is happening until it is too late.
The most vulnerable tool ever – Adobe Flash Player
Adobe Flash Player is commonly used to play back content, and it is one more way for a hacker to get access to your system. If it is not updated constantly, as its producer recommends, an attacker can use a vulnerability in this tool to install malicious code remotely. That is why this kind of vulnerability is called the Remote Code Execution (RCE) type.
Java – Consider seriously before using (vulnerability alarm)
A virtual machine called Java is nowadays one of the most vulnerable components. It has been so popular and so easy to use that it now runs on more than three billion devices. That is why it should be updated whenever an update is available. Plug-ins that are not updated are a good way for an attacker to perform a very successful cyber-attack.
One of the most vulnerable systems is Windows. It can be used to install malicious code remotely and to perform different activities in your system, even to take full control over it. That is why more recent Windows versions have built-in mechanisms to prevent intrusions.
The most popular protective mechanisms are:
1. Data Execution Prevention and Address Space Layout Randomization
These form an extra layer that prevents the exploitation of vulnerabilities. With them, special restrictions are imposed on parts of memory that must not be used for code execution.
2. User Account Control
If someone wants to run a program that would change settings, he or she needs confirmation from the administrator.
3. SmartScreen Filter
This feature prevents malicious applications from being downloaded from the internet. The decision on what to allow or block depends on the reputation of the files. Starting from Windows 8, it is a built-in feature that works in all browsers.
4. Enhanced Protected Mode for Internet Explorer
This feature lets all tabs of the browser run as isolated processes. They are allowed to perform one kind of action, while others are blocked (a sandbox technique).
As for PDF attachments, all modern versions of PDF include a protected mode view. In this mode, certain functions that can pose a potential danger are blocked. This mode is deactivated by default, so we recommend turning it on, as Adobe is one of the most vulnerable tools.
To protect your browser, a sandbox technique is applied. The applications in different tabs run isolated from each other. This keeps the browser stable and restricts applications from executing particular kinds of code. In the newest version of Internet Explorer, this technique is also known as the Enhanced Protected Mode.
Moreover, you can use specific applications called exploit blockers. ESET, for example, has recently released the Exploit Blocker, software that analyses program behaviour and blocks a program if its behaviour is suspicious. It does not matter which kind of vulnerability may be used: if the program behaves like an exploit, it is blocked.
That is why, if you do not want other people to get access to your computer, damage your system or steal your information, you should use all the techniques that are available to protect you.